From bc0e528c5964f012aa4065915f25e394c1ac818d Mon Sep 17 00:00:00 2001 From: Patrick Insinger Date: Tue, 26 Dec 2017 18:18:37 -0500 Subject: [PATCH] Update handlebars and remove cookie-parser Old handlebars version had a CVE, GitHub was loud. Removing cookie-parser because we don't use cookies. --- app.js | 2 -- package.json | 3 +-- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/app.js b/app.js index a0ebe0f16..b4f23e03f 100644 --- a/app.js +++ b/app.js @@ -7,7 +7,6 @@ var express = require('express'); var bodyParser = require('body-parser'); var methodOverride = require('method-override'); var morgan = require('morgan'); -var cookieParser = require('cookie-parser'); var mongoose = require('mongoose'); var port = process.env.PORT || 3000; @@ -22,7 +21,6 @@ var app = express(); mongoose.connect(database); app.use(morgan('dev')); -app.use(cookieParser()); app.use(bodyParser.urlencoded({ extended: true diff --git a/package.json b/package.json index 8c2ba41b5..4358af629 100644 --- a/package.json +++ b/package.json @@ -8,7 +8,6 @@ "bcrypt-nodejs": "0.0.3", "body-parser": "^1.8.4", "bower": "^1.8.0", - "cookie-parser": "~1.3.2", "dotenv": "^1.2.0", "email-templates": "^2.0.1", "express": "^4.9.8", @@ -20,7 +19,7 @@ "gulp-sass": "^2.3.2", "gulp-sourcemaps": "^1.12.0", "gulp-uglify": "^1.5.4", - "handlebars": "^3.0.3", + "handlebars": "^4.0.11", "jsonwebtoken": "5.0.4", "method-override": "^2.3.5", "moment": "^2.10.3",